We have implemented SSO by using SAML where we redirect a user (via a Java servlet) to an identity provider with "application.showURL". After login it will redirect back to Servoy (again through another Java servlet) by using a deep link. This deep link includes a reference to a global method, which will perform a few checks and executes "security.login" if successful. This all works fine on Chrome and Edge but not on Firefox.
It seems that the same Servoy (NGClient) client is used for Chrome and Edge but a new client is started on Firefox. I can see this because:
1. The "onBeforeLogin" event is triggered once again at the callback on Firefox (but not for the other browsers).
2. The global method doesn't seem to be accessible at solution start. But it is if the solution is already started but still has access to the login form only (thus not logged in yet).
This can be easily reproduced by starting a new client, the go to some other random page in the same tab and then return to the client (with the back button).
I have 2 sidenotes:
1. It does work perfectly from Servoy Developer.
2. We use the "loginForm" property of the solution.
And I have 2 questions:
1. Why is the same Servoy client session not being reused in Firefox while this is the case for the other browsers?
2. Why is the referenced method in the deep link not accessible at startup, but is after startup but before being logged in.